Make hosts_allow_table/hosts_deny_table configurable
Bug #625299 reported by
Volodymyr Kolesnykov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ngx_tcpwrappers |
Fix Committed
|
Wishlist
|
Volodymyr Kolesnykov |
Bug Description
The idea is that /etc/hosts.allow and /etc/hosts.deny are writable only by root user.
If we want to give the user ability to blacklist specific hosts/addresses for every virtual host then we need to allow to configure hosts_allow_table and hosts_deny_table.
Related branches
lp:~sjinks/ngx-tcpwrappers/lp625299
- Volodymyr Kolesnykov: Approve
-
Diff: 389 lines (+241/-65)1 file modifiedngx_tcpwrappers.c (+241/-65)
Changed in ngx-tcpwrappers: | |
status: | Confirmed → In Progress |
Changed in ngx-tcpwrappers: | |
assignee: | nobody → Vladimir Kolesnikov (sjinks) |
Changed in ngx-tcpwrappers: | |
status: | In Progress → Fix Committed |
To post a comment you must log in.
According to <tcpd.h> we can change these global variables:
extern int allow_severity; /* for connection logging */ verbose; /* for verbose matching mode */
extern int deny_severity; /* for connection logging */
extern char *hosts_allow_table; /* for verification mode redirection */
extern char *hosts_deny_table; /* for verification mode redirection */
extern int hosts_access_
extern int rfc931_timeout; /* user lookup timeout */
extern int resident; /* > 0 if resident process */
resident should probably always be greater than 0, rfc931_timeout won't be used because RQ_USER is always STRING_UNKNOWN